• Home
  • Black Duck vs. Veracode

Black Duck vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo

Black Duck

Read 16 Black Duck reviews
14,882 views|10,384 comparisons
85% willing to recommend
Veracode Logo

Veracode

Read 194 Veracode reviews
6,768 views|4,518 comparisons
89% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Black Duck vs. Veracode
March 2024
Executive Summary

We performed a comparison between Black Duck and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Black Duck vs. Veracode Report (Updated: March 2024).
Download the complete report
768,740 professionals have used our research since 2012.
Featured Review
Zhengang Ren
Researched Veracode but chose Black Duck: Very good at scanning open source software and ensuring compliance
Ujjwal Sachdeva
Identifies bugs before deployment in the software-side cycle process
We've saved a lot of time since using Veracode. We've also been able to cut down on costs since we require a lot of penetration tests for testing... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The product enables other applications to be secure.""It is able to drill down to the source level.""I like the fact that the product auto analyzes components.""The installation is very easy.""The UI is the solution's most valuable feature since it allows for easy pipeline integration.""The stability is okay.""The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.""The solution is stable."

More Black Duck Pros →

"The user interface is quick, familiar, and user-friendly and makes navigation to other software very easy.""Allows us to track the remediation and handling of identified vulnerabilities.""Considering that in my project, we are mostly using Software Composition Analysis as a part of Static Code Analysis, for me, the main part is reporting and highlighting necessary vulnerabilities. Veracode platform has a rather good database of different vulnerabilities in different libraries and different sources. So, finding vulnerabilities in third-party libraries is the main feature of Software Composition Analysis that we use. It is the most important feature for us.""Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components.""Provides consistent evaluation and results without huge fluctuations in false positives or negatives.""The Veracode technical support is very good. They are responsive and very knowledgeable.""I don't have much experience with the solution yet. We're looking at integrating Manual Penetration Testing with JIRA and Bamboo and then building that into a CICD model, so the integration is the most valuable feature so far.""It does software composition analysis, discovering open source software weaknesses."

More Veracode Pros →

Cons
"The tool needs to improve its pricing. Its configuration is complex and can be improved.""The solution's pricing model and documentation areas of concern where improvement is needed.""The product's pricing is higher compared to other competitor products.""It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance.""We're not too sure about the extension of the firewall. It never shows up in the Hub.""The documentation is quite scattered.""I would like to see more integration with other solutions, such as IntelliJ IDEA.""The solution must provide more open APIs."

More Black Duck Cons →

"Ideally, I would like better reporting that gives me a more concise and accurate description of what my pain points are, and how to get to them.""One of the most important areas that need improvement for Veracode is its DaaS. Veracode's DAST engines are primitive.""Another problem we have is that, while it is integrated with single sign-on—we are using Okta—the user interface is not great. That's especially true for a permanent link of a report of a page. If you access it, it goes to the normal login page that has nothing that says "Log in with single sign-on," unlike other software as a service that we use. It's quite bothersome because it means that we have to go to the Okta dashboard, find the Veracode link, and log in through it. Only at that point can we go to the permanent link of the page we wanted to access.""I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results.""Veracode has a few shortcomings in terms of how they handle certain components of the UI. For example, in the case of the false positive, it would be highly desirable if the false positive don't show up again on the UI, instead still showing up for any subsequent scan as a false positive. There is a little bit of cluttering that could be avoided.""The zip file scanning has room for improvement.""It does not have a reporting structure for an OS-based vulnerability report, whereas its peers such as Fortify and Checkmarx have this ability. Checkmarx also provides a better visibility of the code flow.""Veracode is costly, and there is potential for improvement in its pricing."

More Veracode Cons →

Pricing and Cost Advice
  • "Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
  • "The price is quite high because the behavior of the software during the scan is similar to competing products."
  • "The price is low. It's not an expensive solution."
  • "Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
  • "It is expensive."
  • "I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
  • "The pricing is a little high."

    • More Black Duck Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    See Recommendations
    768,740 professionals have used our research since 2012.
    Questions from the Community
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about Black Duck?
    Top Answer:The product enables other applications to be secure.
    Read all 15 answers   →
    What is your experience regarding pricing and costs for Black Duck?
    Top Answer:The pricing is a little high. I rate the pricing a seven out of ten. The average price of the product is close to $100.
    Read all 12 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    1st
    out of 40 in Software Composition Analysis (SCA)
    Views
    14,882
    Comparisons
    10,384
    Reviews
    7
    Average Words per Review
    373
    Rating
    8.1
    3rd
    out of 40 in Software Composition Analysis (SCA)
    Views
    6,768
    Comparisons
    4,518
    Reviews
    99
    Average Words per Review
    970
    Rating
    8.1
    Comparisons
    Snyk logo
    Snyk vs. Black Duck
    Compared 22% of the time.
    JFrog Xray logo
    JFrog Xray vs. Black Duck
    Compared 11% of the time.
    Mend.io logo
    Mend.io vs. Black Duck
    Compared 9% of the time.
    More Black Duck Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 27% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 6% of the time.
    HCL AppScan logo
    HCL AppScan vs. Veracode
    Compared 3% of the time.
    More Veracode Competitors   →
    Also Known As
    Blackduck Hub, Black Duck Protex, Black Duck Security Checker
    Crashtest Security , Veracode Detect
    Learn More
    Synopsys
    Veracode
    Overview

    Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Sample Customers
    Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Manufacturing Company67%
    Computer Software Company17%
    Financial Services Firm17%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Manufacturing Company15%
    Computer Software Company15%
    Healthcare Company4%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business32%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise10%
    Large Enterprise75%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    Black Duck vs. Veracode
    March 2024
    Free Report: Black Duck vs. Veracode
    Find out what your peers are saying about Black Duck vs. Veracode and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,740 professionals have used our research since 2012.

    Black Duck is ranked 1st in Software Composition Analysis (SCA) with 16 reviews while Veracode is ranked 3rd in Software Composition Analysis (SCA) with 194 reviews. Black Duck is rated 7.8, while Veracode is rated 8.2. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Black Duck is most compared with Snyk, Fortify Static Code Analyzer, JFrog Xray, Mend.io and Polaris Software Integrity Platform, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and HCL AppScan. See our Black Duck vs. Veracode report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.